threatgrid/ctim
1.2.2
Current release is 1.3.19
Articles
Readme
Cisco Threat Intel Model (CTIM)
Common Relationship Type
Sorting CTIM Entities
*Actor* Object
*Asset* Object
*AssetMapping* Object
*AssetProperties* Object
*AttackPattern* Object
*Bundle* Object
*Campaign* Object
*Casebook* Object
*COA* Object
*Feedback* Object
*Incident* Object
*Indicator* Object
*Judgement* Object
*Malware* Object
*Note* Object
*Relationship* Object
*Sighting* Object
*TargetRecord* Object
*Tool* Object
*Verdict* Object
*Vulnerability* Object
*Weakness* Object
How to Build an Excellent External ID
SecureX Incident Summary Guidelines
Modeling Complex Events in CTIM
Modeling Incidents in CTIM
Modeling Threat Intelligence in CTIM
Namespaces
ctim
document
domain
disposition
id
observables
ip
sorting
time
validity
examples
actors
asset-mappings
asset-properties
assets
attack-patterns
bundles
campaigns
casebooks
coas
data-tables
feedbacks
identity-assertions
incidents
indicators
investigations
judgements
malwares
notes
relationships
sightings
target-records
tools
verdicts
vulnerabilities
weaknesses
generate
generators
common
entities
id
lib
generators
predicates
schema
schemas
actor
asset
asset-mapping
asset-properties
attack-pattern
bundle
campaign
casebook
coa
common
data-table
feedback
identity-assertion
incident
indicator
investigation
judgement
malware
note
openc2-network
openc2-network-sdn
openc2vocabularies
relationship
sighting
target-record
tool
verdict
vocabularies
vulnerability
weakness
ctim.document
->json
->markdown
-main
ctim.domain.disposition
compare-importance
importance
sort-by-importance
ctim.domain.id
->id
factory:short-id+type->long-id
factory:short-id->long-id
ID
long-id->id
long-id-factory
long-id-of-type?
long-id-re
long-id?
make-long-id-str
make-transient-id
short-id->id
short-id->long-id
short-id-pattern
short-id-re
short-id?
str->short-id
transient-id-pattern
transient-id-re
url-pattern
url-re
uuid-pattern
valid-short-id?
ctim.domain.observables.ip
ipv4-regex
ipv6-regex
match-mask?
match-some-masks?
normalize-ip
private-ip?
private-ipv4-masks
private-ipv6-mask
special-ip?
special-ipv4-masks
special-ipv6-masks
valid-ip?
valid-ipv4?
valid-ipv6?
ctim.domain.sorting
compare-judgements
sort-judgements
sort-sightings
ctim.domain.time
default-expire-date
ctim.domain.validity
valid-now?
ctim.examples.actors
actor-maximal
actor-minimal
new-actor-maximal
new-actor-minimal
ctim.examples.asset-mappings
asset-mapping-maximal
asset-mapping-minimal
new-asset-mapping-maximal
new-asset-mapping-minimal
ctim.examples.asset-properties
asset-properties-maximal
asset-properties-minimal
new-asset-properties-maximal
new-asset-properties-minimal
ctim.examples.assets
asset-maximal
asset-minimal
new-asset-maximal
new-asset-minimal
ctim.examples.attack-patterns
attack-pattern-maximal
attack-pattern-minimal
new-attack-pattern-maximal
new-attack-pattern-minimal
ctim.examples.bundles
bundle-maximal
bundle-minimal
new-bundle-maximal
new-bundle-minimal
set-of
ctim.examples.campaigns
campaign-maximal
campaign-minimal
new-campaign-maximal
new-campaign-minimal
ctim.examples.casebooks
casebook-maximal
casebook-minimal
new-casebook-maximal
new-casebook-minimal
observables
ctim.examples.coas
coa-maximal
coa-minimal
coa-openc2-variant1
coa-openc2-variant2
new-coa-maximal
new-coa-minimal
ctim.examples.data-tables
data-table-maximal
data-table-minimal
new-data-table-maximal
new-data-table-minimal
ctim.examples.feedbacks
feedback-maximal
feedback-minimal
new-feedback-maximal
new-feedback-minimal
ctim.examples.identity-assertions
identity-assertion-maximal
identity-assertion-minimal
new-identity-assertion-maximal
new-identity-assertion-minimal
ctim.examples.incidents
incident-maximal
incident-minimal
new-incident-maximal
new-incident-minimal
ctim.examples.indicators
indicator-maximal
indicator-minimal
new-indicator-maximal
new-indicator-minimal
ctim.examples.investigations
investigation-maximal
investigation-minimal
new-investigation-maximal
new-investigation-minimal
ctim.examples.judgements
judgement-maximal
judgement-minimal
new-judgement-maximal
new-judgement-minimal
ctim.examples.malwares
malware-maximal
malware-minimal
new-malware-maximal
new-malware-minimal
ctim.examples.notes
new-note-maximal
new-note-minimal
note-maximal
note-minimal
ctim.examples.relationships
new-relationship-maximal
new-relationship-minimal
relationship-maximal
relationship-minimal
ctim.examples.sightings
new-sighting-maximal
new-sighting-minimal
sighting-maximal
sighting-minimal
ctim.examples.target-records
new-target-record-maximal
new-target-record-minimal
target-record-maximal
target-record-minimal
ctim.examples.tools
new-tool-maximal
new-tool-minimal
tool-maximal
tool-minimal
ctim.examples.verdicts
verdict-maximal
verdict-minimal
ctim.examples.vulnerabilities
new-vulnerability-maximal
new-vulnerability-minimal
vulnerability-maximal
vulnerability-minimal
ctim.examples.weaknesses
new-weakness-maximal
new-weakness-minimal
weakness-maximal
weakness-minimal
ctim.generate
->gen
-main
generators
ctim.generators.common
complete
gen-char-alpha-lower
gen-set
gen-str-3+
gen-valid-time-tuple
gen-vector
generate-entity
generator
generator-complexity
leaf-generators
maybe
set
vector
ctim.generators.entities
gen-any-example-entity
ctim.generators.id
gen-host
gen-ipv4-addr
gen-long-id-with-parts
gen-path
gen-port
gen-proto
gen-short-id
gen-short-id-of-type
gen-type
gen-url-id
gen-url-id-of-type
gen-url-id-with-parts
gen-url-id-with-parts-for-type-gen
ctim.lib.generators
cpe-node-operator-string
cpe-node-operators
cpe-parts
cvss-v2-access-complexities
cvss-v2-access-vectors
cvss-v2-authentications
cvss-v2-availability-impacts
cvss-v2-availability-requirements
cvss-v2-collateral-damage-potentials
cvss-v2-confidentiality-impacts
cvss-v2-confidentiality-requirements
cvss-v2-environmental-vector-string
cvss-v2-exploitabilities
cvss-v2-integrity-impacts
cvss-v2-integrity-requirements
cvss-v2-remediation-levels
cvss-v2-report-confidences
cvss-v2-target-distributions
cvss-v2-temporal-vector-string
cvss-v2-vector-string
cvss-v3-attack-complexities
cvss-v3-attack-vectors
cvss-v3-availability-impacts
cvss-v3-confidentiality-impacts
cvss-v3-integrity-impacts
cvss-v3-privileges-required
cvss-v3-user-interactions
cvss-v3-vector-string
cvss-v3-vulnerability-scopes
formatted-cpe-23-string
gen-internal-date
observed-time
open-vocab-char
open-vocab-chars
pos-int
score
semver
string-max-len
uri
valid-time
ctim.lib.predicates
max-len
max-non-neg-int
ctim.lib.schema
describe
ctim.schemas.actor
Actor
actor-desc
actor-desc-link
ActorRef
ActorTypeIdentifier
NewActor
type-identifier
ctim.schemas.asset
Asset
asset-types
AssetRef
AssetType
AssetTypeIdentifier
NewAsset
ctim.schemas.asset-mapping
AssetMapping
AssetMappingRef
AssetMappingTypeIdentifier
NewAssetMapping
Specificity
specificity
stability
Stability
ctim.schemas.asset-properties
AssetProperties
AssetPropertiesRef
AssetPropertiesTypeIdentifier
AssetProperty
NewAssetProperties
ctim.schemas.attack-pattern
attack-pattern-desc
attack-pattern-desc-link
AttackPattern
AttackPatternRef
AttackPatternTypeIdentifier
NewAttackPattern
type-identifier
ctim.schemas.bundle
Bundle
bundle-desc
bundle-entries
BundleReference
BundleTypeIdentifier
new-bundle-entries
new-objects-entries
NewBundle
objects-entries
references-entries
type-identifier
ctim.schemas.campaign
Campaign
campaign-desc
campaign-desc-link
CampaignRef
CampaignTypeIdentifier
NewCampaign
type-identifier
ctim.schemas.casebook
Casebook
casebook-desc
CasebookRef
CasebookTypeIdentifier
NewCasebook
Text
type-identifier
ctim.schemas.coa
ActionType
ActuatorType
AdditionalProperties
COA
coa-desc
coa-desc-link
COARef
COATypeIdentifier
destination
method
ModifierType
NewCOA
OpenC2COA
OpenC2StructuredCOAType
search
structured-coa-entries
StructuredCOAType
TargetType
type-identifier
ctim.schemas.common
Activity
base-entity-entries
base-new-entity-entries
Contributor
ctim-schema-version
CTIMSchemaVersion
default-tlp
describable-entity-entries
described-entity-entries
determine-disposition-id
disposition-map
disposition-map-inverted
DispositionName
DispositionNumber
dispositions
ExternalReference
ID
id-generator
Identity
IdentitySpecification
KillChainPhase
LongString
Markdown
MedString
Observable
observable-relations-map
ObservableRelation
ObservableRelationType
ObservedRelation
ObservedTime
open-vocab
OpenVocab
PosInt
ref
ref-for-type
Reference
RelatedIdentity
relation-types
SchemaVersion
scope-wrapper-entries
ShortString
sourcable-object-entries
sourced-object-entries
specification-types
SpecificationType
Time
TLP
URI
uri?
ValidTime
ctim.schemas.data-table
check-datatable
column-type
ColumnDefinition
ColumnType
DataTable
DataTableRef
DataTableTypeIdentifier
Datum
NewDataTable
type-identifier
ctim.schemas.feedback
Feedback
FeedbackRef
FeedbackTypeIdentifier
NewFeedback
type-identifier
ctim.schemas.identity-assertion
Assertion
assertion
AssertionType
IdentityAssertion
IdentityAssertionRef
IdentityAssertionTypeIdentifier
IdentityCoordinates
NewIdentityAssertion
type-identifier
ctim.schemas.incident
Incident
incident-desc
incident-desc-link
IncidentRef
IncidentTime
IncidentTypeIdentifier
NewIncident
Score
type-identifier
ctim.schemas.indicator
BooleanOperator
CompositeIndicatorExpression
generalize-indicator
Indicator
indicator-desc
indicator-desc-link
IndicatorRef
IndicatorTypeIdentifier
JudgementSpecification
JudgementSpecificationType
NewIndicator
OpenIOCSpecification
OpenIOCSpecificationType
SIOCSpecification
SIOCSpecificationType
SnortSpecification
SnortSpecificationType
ThreatBrainSpecification
ThreatBrainSpecificationType
type-identifier
ctim.schemas.investigation
Investigation
InvestigationIdentifier
NewInvestigation
type-identifier
ctim.schemas.judgement
fix-disposition
Judgement
judgement-desc
JudgementRef
JudgementTypeIdentifier
NewJudgement
Priority
type-identifier
ctim.schemas.malware
Malware
malware-desc
malware-desc-link
MalwareRef
MalwareTypeIdentifier
NewMalware
type-identifier
ctim.schemas.note
NewNote
Note
NoteRef
NoteTypeIdentifier
type-identifier
ctim.schemas.openc2-network
ACL-action
ACLAction
BGPBlackhole
BGPBlackholeTypeIdentifier
BlockModifier
BlockModifierType
ContainModifier
ContainTypeIdentifier
DNSSinkhole
DNSSinkholeTypeIdentifier
Encapsulation
HoneyPot
HoneyPotRoutes
HoneyPotTypeIdentifier
InspectModifier
InspectModifierTypeIdentifier
NetworkACL
NetworkACLTypeIdentifier
NonSensitive
NonSensitiveTypeIdentifier
PacketCaptureModifier
PacketCaptureModifierTypeIdentifier
protocol
Protocol
Remediation
RemediationTypeIdentifier
SecGroupProfile
Traffic
VLANProfile
ctim.schemas.openc2-network-sdn
Scan
ScanMethods
ScanTypeIdentifier
ctim.schemas.openc2vocabularies
actuator-type
ActuatorType
COA-type
COAType
location-class
LocationClass
loss-duration
LossDuration
modifier-type
ModifierType
ctim.schemas.relationship
ActorReference
AttackPatternReference
CampaignReference
COAReference
DataTableReference
FeedbackReference
IdentityAssertionReference
IncidentReference
IndicatorReference
JudgementReference
MalwareReference
NewRelationship
RelatedActor
RelatedActors
RelatedAttackPattern
RelatedAttackPatterns
RelatedCampaign
RelatedCampaigns
RelatedCOA
RelatedCOAs
RelatedIdentityAssertion
RelatedIdentityAssertions
RelatedIncident
RelatedIncidents
RelatedIndicator
RelatedIndicators
RelatedJudgement
RelatedJudgements
RelatedMalware
RelatedMalwares
RelatedSighting
RelatedSightings
RelatedTool
RelatedTools
Relationship
relationship-entries
RelationshipRef
RelationshipTypeIdentifier
SightingReference
ToolReference
type-identifier
VerdictReference
ctim.schemas.sighting
NewSighting
SensorCoordinates
Sighting
sighting-desc
sighting-desc-link
SightingDataTable
SightingRef
SightingTypeIdentifier
type-identifier
ctim.schemas.target-record
NewTargetRecord
Target
TargetRecord
TargetRecordRef
TargetRecordTypeIdentifier
ctim.schemas.tool
NewTool
Tool
tool-desc
tool-desc-link
ToolRef
ToolTypeIdentifier
type-identifier
ctim.schemas.verdict
type-identifier
Verdict
VerdictRef
VerdictTypeIdentifier
ctim.schemas.vocabularies
architecture-classes
ArchitectureClass
attack-pattern-abstraction-labels
AttackPatternAbstractions
campaign-status
CampaignStatus
COA-stage
COA-type
COAStage
COAType
consequence-scopes
ConsequenceScope
cvss-v2-access-complexities
cvss-v2-access-vectors
cvss-v2-authentications
cvss-v2-cdp-scores
cvss-v2-exploitability-scores
cvss-v2-impacts
cvss-v2-remediation-level-scores
cvss-v2-report-confidence-scores
cvss-v2-security-requirement-scores
cvss-v2-target-distribution-scores
cvss-v3-attack-complexities
cvss-v3-attack-vectors
cvss-v3-availability-impacts
cvss-v3-confidentiality-impacts
cvss-v3-exploit-code-maturities
cvss-v3-integrity-impacts
cvss-v3-modified-attack-complexities
cvss-v3-modified-attack-vectors
cvss-v3-modified-availability-impacts
cvss-v3-modified-confidentiality-impacts
cvss-v3-modified-integrity-impacts
cvss-v3-modified-privileges-required
cvss-v3-modified-scopes
cvss-v3-modified-user-interactions
cvss-v3-privileges-required
cvss-v3-remediation-levels
cvss-v3-report-confidences
cvss-v3-scopes
cvss-v3-security-requirements
cvss-v3-severities
CVSSv2AccessComplexity
CVSSv2AccessVector
CVSSv2Authentication
CVSSv2AvailabilityImpact
CVSSv2CollateralDamagePotential
CVSSv2ConfidentialityImpact
CVSSv2Exploitability
CVSSv2IntegrityImpact
CVSSv2RemediationLevel
CVSSv2ReportConfidence
CVSSv2SecurityRequirement
CVSSv2TargetDistribution
CVSSv3AttackComplexity
CVSSv3AttackVector
CVSSv3AvailabilityImpact
CVSSv3ConfidentialityImpact
CVSSv3ExploitCodeMaturity
CVSSv3IntegrityImpact
CVSSv3ModifiedAttackComplexity
CVSSv3ModifiedAttackVector
CVSSv3ModifiedAvailabilityImpact
CVSSv3ModifiedConfidentialityImpact
CVSSv3ModifiedIntegrityImpact
CVSSv3ModifiedPrivilegesRequired
CVSSv3ModifiedScope
CVSSv3ModifiedUserInteraction
CVSSv3PrivilegesRequired
CVSSv3RemediationLevel
CVSSv3ReportConfidence
CVSSv3Scope
CVSSv3SecurityRequirements
CVSSv3Severity
CVSSv3UserInteraction
default-resolution
detection-effectivness
detection-methods
DetectionEffectiveness
DetectionMethod
discovery-method
DiscoveryMethod
Effectiveness
effectiveness
functional-areas
FunctionalArea
high-med-low
HighMedLow
incident-category
IncidentCategory
indicator-type
IndicatorType
intended-effect
IntendedEffect
kill-chain-name
kill-chain-phases
language-classes
LanguageClass
location-class
LocationClass
loss-duration
loss-property
LossDuration
LossProperty
malware-abstraction-labels
malware-labels
MalwareAbstractions
MalwareLabel
mitigation-strategies
MitigationStrategy
Motivation
motivation
note-types
NoteType
observable-type-identifier
ObservableTypeIdentifier
operating-system-classes
OperatingSystemClass
Prevalence
prevalences
promotion-method
PromotionMethod
relationship-type
RelationshipType
Resolution
resolution
scope
Scope
sensor
Sensor
Severity
severity
software-phases
SoftwarePhase
sophistication
Sophistication
Status
status
system-resources
SystemResource
technical-impacts
TechnicalImpact
threat-actor-type
ThreatActorType
tool-labels
ToolLabel
user-interactions
weakness-abstraction-levels
weakness-structures
WeaknessAbstractionLevel
WeaknessStructure
ctim.schemas.vulnerability
Configurations
cpe-node-operator-string
cpe-node-operators
CPELeafNode
CPEMatch
CPENode
CVE
CVEDataMeta
cvss-v2-environmental-vector-string-exp
cvss-v2-environmental-vector-string?
cvss-v2-temporal-vector-string-exp
cvss-v2-temporal-vector-string?
cvss-v2-vector-string-exp
cvss-v2-vector-string?
cvss-v3-vector-string-exp
cvss-v3-vector-string?
CVSSv2
CVSSv2EnvironmentalVectorString
CVSSv2TemporalVectorString
CVSSv2VectorString
CVSSv3
CVSSv3VectorString
formatted-cpe-23-string-regex
formatted-cpe-23-string?
FormattedCPE23String
NewVulnerability
Score
type-identifier
valid-score?
Version
Vulnerability
vulnerability-desc
vulnerability-desc-link
VulnerabilityImpact
VulnerabilityRef
VulnerabilityTypeIdentifier
ctim.schemas.weakness
AlternateTerm
applicable-platform-entries
Architecture
Consequence
DetectionMethod
Language
Mitigation
ModeOfIntroduction
NewWeakness
Note
OperatingSystem
Paradigm
Technology
type-identifier
Weakness
weakness-desc
weakness-desc-link
WeaknessRef
WeaknessTypeIdentifier